Goodbye Secrets. Welcome Credentials!

Secrets were introduced with Ruby on Rails 5.1 to make life easier for developers who need to store encrypted credentials or API keys in their repository. Many people were confused by the way it had to be done. It did include a couple of extra steps and an often unnecessary seperation of different environments. I have no opinion about this but I do agree that the new way of achieving it in Ruby on Rails 5.2 is a lot easier. DHH got rid of the secrets and introduced credentials (read his PR for more information).

Kudos to DHH and the core team for doing this. Most projects would have stick with the old way because it was kind of ok.

Once you installed Rails 5.2 each of your new Rails projects has an already good to go setup for using credentials. No more generating keys manually. The important master key is automatically generated and stored in the file config/master.key which can be shared with other developers in the team but which should never be checked into the Git repository. The default .gitignore has been updated accordingly:

Editing Credentials

All credentials are stored encrypted in the file config/credentials.yml.enc. Obviously you can not edit the file directly. You have to use the command rails credentials:editto edit them. For that to work you have to set the shell environment variable EDITOR first. Or you can do both with this one liner in your Bash shell:

Now you can edit your credentials in yaml format. In this example I add a credential with the name foobar and the value test:

Accessing Credentials

You can access a credential anywhere in your application with AppName::Application.credentials.name_of_the_credential. An example from within the console:

If you like this post I’d like to ask you for a favour:
Create an account at my open-source business network

Thank you and see you there!


To use the credentials in production you have to copy the config/master.keyfile to your production environment or setting it up with an environment variable.


I’m a big fan of screencasts too. So here it is:

Screencast for Credentials in Ruby on Rails 5.2


In case you need on site Ruby on Rails training:
Please send me an email to

I’m currently working on my new Ruby on Rails 5.2 book. You can follow me on Twitter to get updates too:

In case you speak German:

Cover of my Ruby on Rails 5.2 book



Ruby on Rails, Phoenix Framework, WebPerf and Photography. Father of two. German and English.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stefan Wintermeyer

Ruby on Rails, Phoenix Framework, WebPerf and Photography. Father of two. German and English.